Security and Privacy
Security
DivDat takes information security seriously. It’s why we have a dedicated Chief Information Security Officer on our management team, and it’s the reason we remain committed to compliance with changing regulations. DivDat maintains ongoing accreditation and validation through rigorous Payment Card Industry Data Security Standards (PCI DSS) and System and Organization Controls (SOC) audits, conducted by accredited third party auditors.
DivDat is PCI DSS v4.0 Level 1 certified, and maintains SOC levels 1 and 2 compliance, in accordance with our written information security policy (WISP). For answers to specific information security questions, please submit your question via this website’s Contact Us form.
Privacy
Diversified Data Processing & Consulting, Inc. (“DivDat” or “we”) respects your privacy and is committed to protecting it through our compliance with this statement. This Privacy Statement (“Statement”) describes the types of Personal Information, as defined below, we may collect from for marketing purposes or that you may provide when you visit DivDat owned mobile applications or websites, including, but not limited to: divdat.com, *.divdatkiosknetwork.com, divdatkiosk.com (collectively, the “Website”).
This Statement is also a notice to California residents, to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this notice.
Please read this Statement carefully to understand our policies and practices regarding your Personal Information and how we will treat it. When you visit the Website or otherwise provide your contact information, you consent to our collection, use and disclosure of information about you as described below.
If you do not agree with our policies and practices, your choice is not to use the Website or not to provide us with your contact details. This Statement may change from time to time. Your continued use of the Website after we make changes is deemed to be acceptance of those changes, so please check the Statement periodically for updates.
COLLECTION
1. This statement applies to Personal Information we collect:
- On the Website whether on a computer or a mobile device;
- In email, text, and other electronic messages between you and DivDat related to the use of the Website or other advertising or promotional materials;
- Through desktop or mobile applications you download from the Website, or via the Apple App Store or Google Play, which provide dedicated non-browser-based interaction between you and the Website, and/or our product;
- When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this Statement;
- Social media, including, but not limited to, Facebook, LinkedIn, Twitter, Instagram, and TikTok;
- Business cards or contact information shared in person, at conferences and tradeshows, or other events; or
- Purchased from reputable data sources, either to complete business records we already have in our marketing database, or for prospecting purposes;
and
- where such collected information identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or device (collectively “Personal Information“).
Personal Information has different meanings depending upon which regulation is applicable to it. DivDat has taken a comprehensive approach and individuals can also rely on the applicable regulatory definition of personal information when interpreting this Statement.
Personal Information does not include:
- Publicly available information from government records;
- De-identified or aggregated information;
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and any comparable state regulation (as applicable); or
- Personal information covered by the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA, the Driver’s Privacy Protection Acts of 1994, or any comparable state regulations (as applicable)).
In particular, DivDathas collected and processed the following categories of Personal Information from its customers’ use of the Website through the methods described above within the last twelve (12) months.
Category | Examples (not intended to be exhaustive) |
Identifiers, including Personal Information listed in customer records statutes. | A real name; alias; signature; business postal address; business email address; business or mobile telephone number; unique personal identifier; online identifier; Internet Protocol address; device identifiers; account name; insurance agent registration number; driver’s license or other state identification number; employment including historical; other device identifiers including the operating system, browser type, network information; or other similar identifiers. |
Protected classification characteristics. | Age , race, color, ancestry, national origin, citizenship, religion or creed, marital status, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), or veteran or military status. |
Commercial information. | Records of personal property; products or services purchased, obtained, or considered, including data related to insurance policies; or other purchasing or consuming histories or tendencies. |
Usage. | Information on the user’s interaction with the Website. |
Geolocation data. | Physical location of users, generally and specifically. |
Inferences drawn from other Personal Information. | Profile reflecting an individual’s preferences, characteristics, predispositions, or purchasing behavior. |
2.DivDat obtains the categories of Personal Information listed above from the following categories of sources:
- Directly from you – Personal Information that you input into the Website. For example, from i) forms you complete; ii) products and services your clients purchase; or iii) products and services your employees or independent contractors sell.
- Indirectly from you. For example, from observing user actions on the Website or in the products.
- Records and copies of your correspondence (including email addresses), if you or users contact us in relation to the Website.
- Your responses to surveys that we might ask you to complete for research or marketing purposes.
- Details of transactions you carry out through the
- Purchased from reputable sources either to complete business records we already have in our marketing database or for prospecting purposes.
3. This Statement does not apply to Personal Information collected by:
- Any third-party collecting information about your device or smartphone usage and activity; or
- Any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Website.
4. Personal Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with the Website, we may use automatic data collection technologies to collect certain information about your equipment (including your computer or smartphone), browsing actions, and patterns, including:
- Details of your visits to the Website, including traffic data, location data, logs, and other communication data and the resources that you access and use in the Website.
- Information about your computer, smartphone and internet connection, including your IP address, operating system, and browser type.
The information we collect automatically may include Personal Information or we may maintain it or associate it with Personal Information we collect in other ways or receive from third parties. It helps us to improve the Website and to deliver a better and more personalized service.
5. The technologies we use for this automatic data collection may include:
- Cookies (or browser/application cookies), cookie is a small file placed on the hard drive of your computer or smartphone. You may refuse to accept browser or mobile cookies by activating the appropriate setting on your browser or smartphone. However, if you select this setting you may be unable to access certain parts of the Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to the Website.
- Flash Cookies. Certain features of our Website may use locallystored objects (LSOs or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
- Web Beacons. Pages of the Website and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit DivDat, for example, to count users who have visited those pages or opened an email and for other related statistics (for example, recording the popularity of certain app content and verifying system and server integrity).
- Geo-Fencing. Certain marketing efforts are made in specific geographic areas, where the geographic area is tracked automatically through website usage.
- Search Tracking. Certain marketing efforts are made to website visitors who have reached the Website through specific searches where the searches are tracked automatically through use of the Website.
- Social Media. We track behaviors on social media pages that are owned or controlled by DivDat or that use the DivDat name.
USE OF YOUR PERSONAL INFORMATION
1. How We Use Your Personal Information
We use your Personal Information to provide the Website functionality, fulfill your requests, improve the quality of the Website, engage in research and analysis relating to the Website, personalize your experience, track usage of the Website, market the Website, provide customer support, message you, back up our systems, allow for disaster recovery, enhance the security of the Website, and comply with legal obligations. Even when we do not retain such Personal Information, it still must be securely transmitted to our servers initially and stored long enough to process.
We also use Personal Information that we collect about you or that you provide to us, including any Personal Information used to fulfill our contractual obligations to you:
- To present the Website or any other products or services we offer or provide though it.and the contents to you.
- To provide you with information, products, or services that you request from us.
- To fulfill any other purpose for which you provide it.
- To provide you with notices about your account, including expiration and renewal notices.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection. To notify you about changes to the Website or any other products or services we offer or provide though it.
- To allow you to participate in interactive features on our Website.
- In any other way we may describe when you provide the information.
- For any other purpose with your consent.
We may use or disclose the Personal Information we collect for one or more of the following business purposes:
- To fulfill or meet the reason you provided the Personal Information. For example, if you share your name and contact information to request a price quote or submit a query about our products and services, we will use that Personal Information to respond to your inquiry (automated or otherwise within the Website), If you provide your Personal Information to purchase a product or service, we will use that Personal Information to process your payment and facilitate delivery. We may also save your Personal Information to facilitate orders of additional users or to process decomissions.
- To provide, support, personalize, develop, and enhance the
- To create, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To help maintain the safety, security, and integrity of the Website, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve existing Website or create new Website.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
DivDat will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
2. Sales of Personal Information
In the preceding twelve (12) months, DivDat has not sold Personal Information it has received by and through the Website to any third party. However, we have de-identified and aggregated certain information for both internal and commercial use.
3. Sharing Personal Information
DivDat may disclose your Personal Information to a third party for a business purpose or when they integrate with the Website. When we disclose Personal Information for a business purpose, such third party has entered a contract with either you or DivDat that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.
In the previous twelve (12) months, DivDat may have disclosed each of the above categories of Personal Information for a business purpose.
4. We may also disclose your Personal Information:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- To enforce or apply any agreements, including for billing and collection purposes.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of DivDat, its customers, or others. This includes exchanging Personal Information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
5. Choices About How We Use and Disclose Your Personal Information
We strive to provide you with choices regarding the Personal Information you provide to us. We have created mechanisms to provide you with the following control over your Personal Information:
- Tracking Technologies. You can set your browser or smartphone to refuse all or some browser or application cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of the Website may then be inaccessible or not function properly.
- Disclosure of Your Information for Third-Party Advertising. If you do not want us to share your personal information with unaffiliated or non-agent third parties for promotional purposes, you can opt-out by sending an email to privacy@divdat.com.
- Promotional Offers from DivDat. If you do not wish to have your email address/contact information used by DivDat to promote our own or third parties’ products or services, you can opt-out by unsubscribing within the email sent to you or by sending us an email stating your request to opt-out of marketing communications to privacy@divdat.com. If we have sent you a promotional email, please use the above two methods and do not send us a return email asking to be omitted from future email distributions as the sending email address might not be able to accept incoming email. This opt-out does not apply to Personal Information provided to DivDat as a result of a product purchase, warranty registration, product service experience or transactions made through our products and services.
- Targeted Advertising. If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers’ target-audience preferences, you can opt-out by sending an email to privacy@divdat.com. We do not control third parties’ collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way.
Personal Information Rights and Choices
Certain regulations (including the CCPA) provide individuals with specific rights regarding their Personal Information. This section describes your rights and explains how to exercise those rights.
1. Access to Specific Personal Information and Data Portability Rights
You have the right to request that DivDat disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable individual request we will disclose to you:
- The categories of Personal Information we collected about you from the Website usage.
- The sources for the Personal Information we collected about you from the Website.
- Our business or commercial purpose for collecting that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- The specific pieces of Personal Information we collected about you (also called a data portability request).
- If we disclosed your personal information for a business purpose, the business purpose, identifying the personal information categories that each category of recipient obtained.
2. Deletion Request Rights
You have the right to request that DivDat delete any Personal Information about you that was collected and retained, subject to certain exceptions including regulatory data retention requirements.
We may deny your deletion request if retaining the Personal Information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation, including, but not limited to, compliance with applicable state and federal regulations that govern retention of Personal Information.
- Make other internal and lawful uses of that Personal Information that are compatible with the context in which you provided it.
3. Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable request to us by email to privacy@divdat.com.
Only you may make a verifiable request related to Personal Information that we collected from you through the Website.
You may only make a verifiable request for access or data portability twice within a 12-month period. The verifiable request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information from the Website.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to the request.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity and confirm the Personal Information relates to you in the Website.
We consider requests made through your password protected account sufficiently verified when the request relates to Personal Information associated with that specific account.
We will only use Personal Information provided in a verifiable request to verify the requestor’s identity or authority to make the request.
4. Response Timing and Format
We endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time, up to ninety (90) days, we strive toinform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option and direction.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily usable and should allow you to transmit the Personal Information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to a verifiable request unless the request is excessive, repetitive, or unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. Such work will be performed at DivDat’s current rates for professional services.
5. Non-Discrimination
We will not discriminate against you for exercising any of your Personal Information rights. Unless permitted by applicable regulations, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Data Security
We have implemented measures designed to secure Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure.
The safety and security of your Personal Information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of the Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to, through, or by the Website. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained in the Website.
Children Under the Age of 13
The Website is not intended for use by children under thirteen (13) years of age. If you are under 13, do not use or provide any Personal Information on the Website or through any of its features, register on the Website, or provide any Personal Information about yourself to us, including your name, address, telephone number, email address, or any screen name or username you may use. If we learn we have collected or received Personal Information from a child under 13 without verification of parental consent, we will delete that Personal Information. If you believe we might have any Personal Information from or about a child under 13, please contact us through the Website or by email to privacy@divdat.com.
Changes to Our Privacy Statement
DivDat reserves the right to amend this Statement at our discretion and at any time. When we make changes to this Statement, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of the Website following the posting of changes constitutes your acceptance of such changes.
Last Updated and Effective: January 5, 2023